Lootok

Menu

What's new?

Press release: New leadership team paves the way for the future of Lootok

For more than 10 years Lootok has pushed the boundaries of traditional crisis management and business continuity (BC). “I launched Lootok with the singular vision of doing BC differently,” said Lootok CEO, Sean Murphy. “Global volatility and increased competition have escalated the need for companies to prepare for disruptions. While everybody knows that they should have a BC program, nobody wants to do the work. BC is only important when it’s too late, and when an incident does occur, any data and plans that have been collected typically remain untouched.”

Lootok continually confronts these challenges by offering fresh points of view on industry standards and new ways to transform programs to meet today’s highly networked environment. Sean Murphy explains: “I knew that BC was an essential part of business. The negative returns I so often saw were not the result of BC itself, but rather how it was implemented. At that point, I saw a major opportunity in going beyond the cookie-cutter approach and offering something of lasting value.”

With this goal, Lootok based its services on a deep understanding of industry expertise and interdisciplinary sciences.  Why integrate interdisciplinary sciences? It is a simple answer, according to Sean: “We get better results. Through integrating cognitive sciences, gamification, and branding concepts we capture higher-quality data, buy-in at all levels of the organization, and sizable costs savings through self-service and automation.”

2017 marked a reflective period in Lootok’s history, where the company restructured areas of the organization to yield even greater innovation and sharpened its services to Lootok clients. Lootok is excited to announce that there are four changes in its talent pool that set the stage for this evolution. 

New Lootok Leadership Team

Read Post

Crisis management: fly the plane or fix the problem, don’t do both

Learning to either manage the crisis or run the company, but not do both, is a hard lesson for most executives, as they want to do it all. Executives achieve their position through hard work, overcoming extreme obstacles, success, confidence, and leadership. It becomes difficult to let go of the organizational reigns to focus on the crisis. Likewise, it is just as difficult to let others manage a crisis while they focus on the organization. This post is a reflection of a number of executive crisis management trainings I facilitated where the executive (e.g., CEO, business unit president, segment leader) wanted to ‘fly the plane’ and ‘fix the problem.’

fix the plane

 

Read Post

Join Lootok in Philly for RIMS 2017!

As you are making plans for the RIMS 2017 Conference in Philadelphia, make sure you don’t miss Lootok’s Sean Murphy and Jeremy Stynes speaking on Monday, April 24th. They will be exploring the psychology of risk, sharing innovative ways to market your program, and breaking down traditional myths of Business Continuity Management. All in our signature, non-conventional Lootok way. We hope you come and join us!

RIMS 2017: April 23-26th, 2017 | the Pennsylvania Convention Center | Philadelphia

Lootok Sessions on Monday, April 24 :
12:00 – 12:25 pm | Market Your Program Like a Product | Jeremy Stynes, President
1:00 – 1:25 pm | Five Myths of Operational Risk and Business Continuity Management | Sean Murphy, CEO
3:00 – 4:00 pm | Risk Shrink: Exploring the Psychology of Risk | Sean Murphy, CEO, Lootok; Hester Shaw, Internal Control Framework Director, GSK

Lootok Rims 2017 Philadelphia cheesesteak
Join Lootok for some juicy sessions on Business Continuity!

 

Read Post

The future of resiliency is not resiliency

Zona Walton [ADP - Global Business Resiliency] and I spoke at a private conference last month. The title of our session was The Future of Resiliency. We explored the idea that the future of resiliency isn’t resiliency; that is, it will be something else.

Lootok future of resiliency
The future of resiliency is not resiliency.

Read Post

Risky business: the risk matrix

Risky business: the risk matrix

In my previous two posts, I explored better ways of capturing your key assets, threats, and vulnerabilities. Now, we will take these ingredients and plot them on a risk matrix.

First, download Lootok’s risk matrix.

The risk martrix
The risk matrix

The risk matrix provides a way to think about the probability and consequences of risks. Typically, risk is measured using two variables: impact and probability, which make up the axes of matrix.

Both of these variables should be specifically defined before using the risk matrix to plot your risks. The first variable, impact, is a measure of how harmed or disrupted your business would be if the risk occurred. Impacts can occur across different areas, such as finance, regulation, or reputation. Within each impact area, a risk can cause a low or high impact.

Read Post

Risky business: Attackers and Defenders™

Risky business: Attackers and Defenders

Welcome back. In my previous post, I presented the first of three activities that Lootok uses to complete risk assessments.

Our second activity, Attackers and Defenders™, identifies threats and vulnerabilities. Remember: threats, vulnerabilities, and assets are the ingredients for a risk. Without these three ingredients, there is no risk. In this post, I will show you how to use this activity to identify your specific threats and vulnerabilities.

At Lootok we love Attackers and Defenders™ because it engages everyone in the room. It is competitive. It involves role-playing. It forces you to think creatively about your business, and most importantly it is fun, which is not a word often used in the same sentence as risk assessments and business continuity!

The Attackers and Defenders™ activity creates an environment for structured dialogue around your organization’s threats and vulnerabilities. The key objective of this activity is to define the threats and vulnerabilities facing your key assets. The activity helps you determine realistic threats to your assets, and the vulnerabilities that allow those threats to cause a disruption. You will also be asked to reach an agreed upon prioritization of your risks, complete with evidence that can be used for reporting, planning, and investment.

Read Post

Risky business: Value Map™

Risky business: Value map

In my previous posts about risk, I discussed why we need to consider it, why we have difficulty assessing it, and how to be more objective.

Next, I will explore a number of the activities that Lootok developed to help measure risk at your organization. The first activity is Lootok’s Value Map™. The Value Map™ helps you identify and visualize your organization’s assets. If you recall from the first post, an asset is one of the ingredients of risk.

The Value Map™ is exactly what it sounds like: a giant map on the wall depicting the environment for which you wish to do a risk assessment. The map can be a campus, a country, the globe, an IT map, a factory, or blueprints—whatever environment you wish to measure risk.

Lootok Value Map
Lootok Value Map™

Read Post

How to bring business continuity back to the basics

As business continuity practitioners, it would serve us well to take a cue from writer Antoine de Saint-Exupéry, who stated, “Perfection is achieved, not when there is nothing more to add, but when there is nothing left to take away.”

Many risk and resiliency initiatives are more robust and complicated than they need to be. Common signs of an over-engineered program may include: lengthy plans packed with procedures and protocol, a BIA that takes months to complete, lengthy internal audits fixated on industry standards, and just a handful of people who actually know what to do in an incident.

Blessed with “the curse of knowledge,” we as practitioners can easily lose sight of how business continuity is perceived by our stakeholders. We fall prey to assuming that others understand the value of participating in program activities, much less have the expertise to decipher industry jargon (how many times in your career have you had to explain “RTO” and “MTPD”?).

Even Wikipedia’s description of “business continuity planning” is prefaced with the warning: “This article may contain an excessive amount of intricate detail that may only interest a specific audience.”

Put yourself in the shoes of a stakeholder who rarely thinks of contingency planning or has yet to experience an incident, and it’s even more critical that you keep your program simple.

What would happen if we were to boil down business continuity to just the basics? What if we began describing concepts in layman’s terms, and it helped to ease understanding and facilitate program adoption?

Lootok back to basics grey

Read Post

Facilitating an exercise? Find out how to reel people in!

Last month, I showed up at a client’s manufacturing site to facilitate an annual tabletop exercise. The company had recently kicked off its crisis management and business continuity initiative, so I wasn’t surprised to walk in and hear several people ask what this meeting was about, and how long it was going to last.

It is commonplace within organizations to have initiative atrophy or program of the month syndrome. People are doing more with less. Everyone is highly skilled at prioritizing work and recognizing false positive initiatives. Crisis management and business continuity can quickly get categorized as a ‘not now’ or ‘postpone as long as possible’ project in this environment. Therefore, it is important for risk and security professionals to allow our stakeholders bring themselves into the program. We need them to want the program and value the work we need them to do.

In my experience, there are usually three different types of people sitting in the room.

First, you have your evangelists, or your program advocates—they’re often the ones leading the initiative or they’ve already experienced some kind of catastrophic event. On the other end of the spectrum are those who have already decided risk management is irrelevant, so they’re checked out and sighing loudly.

But almost everyone in between is a good corporate citizen who has showed up with a printed copy of their plan because they were told to. Other than the occasional email, they’re not used to thinking about risk. You can’t blame them for wanting to just get the meeting over with and get on with their lives.

This mindset, unfortunately, is not uncommon. Whether people are unaware of the program or struggle to understand its value, it’s important to recruit them as active participants. So what are we as risk management professionals to do?

Lootok facilitate an exercise
Facilitate a successful exercise! Reel people in!

Read Post

Risky business: Who cares about risk?

Risky business: Who cares about risk?

Welcome back to my series on risk and risk assessments. In my first post I discussed why it is hard to objectively assess risk, and I suggested ways to look at risk more objectively. If you missed it, check out post 1.

This post explores why we need to think about risk in the first place.

Risk is inherent to doing business, and there are only two strategies that organizations can employ when facing risk:

  1. You can accept your risk
  2. You can reduce or eliminate your risk

Read Post

Risky business: What is risk?

Risky business: What is risk?

Risk lurks in all facets of daily life. Luckily, many risks are small: like crossing against the light when there are no cars or trying the new, Ethiopian restaurant down the block. Other risks are high: like quitting your job and doubling down on a new start up. Through our experience working with global organizations, we’ve seen it all. 

In spite of the ubiquity of risks, we rarely analyze them objectively. We are all imperfect, and we rely on past experiences and our emotions to understand the world around us and guide our decision-making. On the one hand, it makes sense that we are wired this way— if we didn’t rely on experience and emotion, we’d have to consciously evaluate every single situation anew, and we’d become paralyzed. On the other hand, there is a downside to the efficiency of this wiring: it makes us awful at objectively estimating risk. For example, bad experiences cloud our ability to accurately measure the impact of risks, as well as their relevance. Other factors, such as media attention, immediacy, control, and choice (Psychologist Paul Slovic) work to further compound that lack of objectivity.

Read Post

Avoid the “wait-for-impact”​ culture - on your mark, get ready, get ready, get ready…

In our business, we can all identify with the feeling that something bad is looming—the next big power outage, unprecedented snowstorm, or vicious cyber attack is right around the corner. Sometimes it can feel like all we’re doing is getting ready for a negative event.

Many industry activities—things like assessments, plans, exercising, and auditing—help to create this “wait-for-impact culture.” As we evaluate endless industry standards, regulations, and consulting methodologies, there is a hyper-focus on documentation, policies, procedures, steering committees, and audits.

This methodical approach works with well-defined risks, or those threats that are so familiar to us that we’ve integrated them into the way we do business. But what about complex risk? The most procedural checklists and plans don’t account for managing those threats that we’ve yet to figure out. Risks that are still emerging and largely unknown are the ones that could actually leave us vulnerable.

Ten years ago, we developed Lootok’s BCM Model®* because we realized that it wouldn’t ever be enough for leaders to simply respond. For companies to stay competitive, leaders must be more proactive than ever to also consider threats that are on the horizon.

get ready,stay alert, take action, Lootok
Get ready, stay alert, take action!

Read Post

Crisis Management, Business Continuity, and Entrepreneurship

This presentation was presented at the D.C. Analyst Roundtable. I was asked to speak on crisis management, business continuity, and how to run a program like a business. You can download the presentation from SlideShare.

yellow house

Read Post

Creative ways to train and drive adoption by leveraging BCM software - Lootok & ClearView

I presented at the BCI World Conference in London. My topic was on using learning, training, and awareness concepts and techniques to implement and maintain a business continuity and crisis management software. The objective is to better leverage software to drive adoption and quality.

BCI World Conference participants should be able to obtain a copy of the presentation from the BCI.

Using concepts and techniques from behavioral science and game theory, I suggested better ways to deliver software implementation and maintenance. Lootok has partnered with ClearView - an awarding winning globally recognized business continuity and crisis management software. We are ClearView’s North America service provider. We selected ClearView as the our software of choice after a lengthy due diligence process. Our partnership brings new capabilities as well has higher quality of service to the marketplace.

ClearView Continuity software can solve a lot of problems. For example:

  • It is a tool to manage workflow and communication
  • It is a destination for your data, information, and reporting
  • It is used to solve problems (e.g., gap analysis) and make decisions (e.g., investment)
  • It is used to get ready for an event (planning, plans, and practice) as well as at time of event to communicate and respond
Lootok & Clearview
Lootok & Clearview

 

Read Post

Getting your ducks in a row: Lootok’s one-of-a-kind project management methods

What is the best way to win?


The “on time, on budget, and as promised” motto that dominates our industry is a cliché. It’s the stock answer when asked how to evaluate a project’s success. You may achieve one or maybe two of these measures, but satisfying all three is no easy feat. While project plans can help, you need much more. At Lootok, we deliver projects through two proprietary means: ODWR® and 5Ds®.

Ducks in a row

Read Post

Thomson Reuters: 2nd Annual Corporate Counsel Leadership Forum in NYC

Join me at the Thomson Reuters: 2nd Annual Corporate Counsel Leadership Forum. I will be moderating a panel on ‘The General Counsel’s Role in Business Continuity Management’. To register, contact 1-800-308-1700. Hope to see you there!

Thomson Reuters Conference NYC 2016

One of the sad realities of the “new normal” is the escalating specter of terrorism-related crises in the workplace. Though not exclusively tethered to data privacy concerns or security incidents, a business executive’s ability to manage unforeseen trauma is an essential (and largely unspoken) part of the modern day job description. This interactive workshop offers timely, practical, scenario-based coaching on how to handle the unforeseen at a moment of supreme hardship. Participants will walk away with a clear understanding of core tenets of business continuity management, as well as key techniques for coping with or better understanding terrorism’s ineffable vicissitudes.

Where: The Metropolitan Club
When: November 16, 2016, 1:45pm to 2:45 pm
Topic: Darkness Descends: The General Counsel’s Role in Business Continuity Management

 

Read Post

Lootok presents at the DC Analysts’ Roundtable

Join me at the DC Analysts’ Roundtable on November 14th!  I will be presenting on Business Continuity & Crisis Management.

The DC Analysts’ Roundtable is a collaborative body of practitioners in the fields of intelligence and risk analysis from the private sector and federal, state, and local agencies. The Analysts’ Roundtable promotes the professionalization of the intelligence and risk analysis communities through the sharing of best practices, information, and analytical training. Sign up by contacting DC.Analysts.Roundtable@gmail.com. Look forward to seeing you there!

Location: Lockheed Martin Global Vision Center Auditorium, 2121 Crystal Drive, Crystal City (Arlington), VA
Date: November 14, 2016, 12:30pm - 5:30pm
See full event details here.

DC Analysts Roundtable 2016

 

Read Post

Lootok presents at the Enterprise Risk Management Summit

Join me at the Enterprise Risk Management Summit in Las Vegas on November 2, 2016!

I will be speaking with Andrew Miller from ADP about linking reputation management, business continuity and crisis planning to strengthen risk resilience.

Where: Rio All-Suite Hotel & Casino in Las Vegas
When: November 2, 2016, 9:00am
What: Linking reputation management, business continuity and crisis planning to strengthen risk resilience

ERM conference 2016
We look forward to seeing you in Las Vegas!

Read Post

What risk management can learn from XBOX

Lootok’s ABdCa®: The best way to collect and analyse data. 

We were at our wits’ end. Neither we nor our clients could take another dull meeting or frustrated end-user. Risk management, crisis management, and business continuity were simply too hard for too little. We took a deep breath and sat back. Finally, someone said it.

“There HAS to be a better way!”

We knew she was right, but none of us had any idea how to accomplish that. We started by just trying to have a little fun in our meetings: we played a few games. As we played, we discovered that our activities were not only fun, but engaging and memorable as well. We could use them to facilitate training and awareness. Then it got better. We realized we could collect and analyze data at the same time.

It was an incredible discovery for us. Not only did we change the experience of a meeting, it facilitated a better learning environment with higher adoption rates, while completing our deliverables at the same time. Developed and refined over the last decade, Lootok’s Activity-Based Data Collection and Analysis (ABdCa®) Model takes a fraction of the time and cost of traditional methods while facilitating a more effective process and more rewarding experience.

Lootok MOD game
Lootok MOD game

Read Post

Lootok & ClearView: The next great duo to change history.

History has rewarded partnerships that have revolutionized the way people live, work, and even think for the better.

The next great duo to change history.


In the spirit of these pairings, Lootok is proud to announce that we will be selling ClearView software, as well as ClearView support, implementation, and consultancy services in North America.

Software alone is not a silver bullet; neither is consulting. Used properly, these two can revolutionize a program. That mutuality is the foundation for our partnership with ClearView. Lootok excels at program set up, training, awareness, and adoption. ClearView provides a best-in-class software that can grow with your program, while not overwhelming your users.

Read Post

Lootok courts a BC software: We were smitten, and it scared us (Part III)

The Brit seemed like our perfect partner, and we feared it too good to be true—technical sophistication, strong reporting/metrics, and flexibility? Our self-defense mechanism kicked in, and we couldn’t help but try to dig up some dirt. So, we asked others, “Hey, what’s the Brit really like?”

But despite our best efforts, all we could scrape up were rave reviews from their existing clients. By all accounts, the Brit seemed reliable, stable, and drama-free.

Though it may seem shallow to admit, we also wanted to date someone with a pleasing, modern aesthetic—and the Brit was recognized globally for its good-looking user interface. Having seen so many clunky platforms, we bonded in our mutual love for user-centered design. We spent many a weekend waxing poetic about the need for “simple, unobtrusive, intuitive planning.”

No doubt our attraction had been instant.

Read Post

Lootok courts a BC software: It’s a Match! (Part II)

We’d been hurt before

Its a match

Years ago, we were seduced by software that promised to solve all of our problems. Maybe it was our fault for being too naïve. The software only ended up being way too complicated, and left us feeling so overwhelmed and abandoned that there was no choice but to eventually break up. The whole experience burned us so bad that we swore never to enter into the software market again.

Maybe we’d just been in the BCM scene too long, but we didn’t want anything flashy or something just “good enough.” Perhaps our standards were high, but we vowed to ourselves not to make the same mistake again.

Read Post

Lootok courts a BC software: We were struggling (Part I)

For a long while, Lootok was happy being alone—we were a start up in New York City that was shaking up the industry. We were doing things that many thought were eccentric, even radical, but we beat the odds, changed perceptions, and emerged as an innovative force in the industry.

Throughout our 10-year existence, we remained single. A number of times, we were approached by other vendors, but we were wary of making any partnerships. Deep down, we feared doing so might compromise all the hard work and strides we had accomplished

NYC city skyline

 

Read Post

How do you use Nudge (behavioral science) in risk management?

Interesting presentation by Harvard Law School Professor Cass R. Sunstein on using behavioral science to change behavior:

From Behavioral Economics to Public Policy

He co-authored the book Nudge.

It is becoming increasingly necessary in risk management and business continuity management to be better, faster, and cheaper. We need to better Return on Investment (ROI), better participation, better end-user experience, faster change, greater reach and adoption, and enhanced techniques and concepts. We need people to do more with less and with higher quality and participation.  To accomplish any of this we need behavioral science.

Cass Sustein
Cass Sustein

Read Post

What is the best way to tell stories as means to communicate - Cliff Atkinson on Fresh Perspective

 

Read Post

How would a physicist approach risk management - Mark Buchanan on Fresh Perspective

 

Read Post

How to use Scenario Planning in Risk Management - Thomas Chermack on Fresh Perspective

 

Read Post

Gartner names ClearView a leader in its 2016 Magic Quadrant for BC software

Lootok is proud to announce that ClearView, our trusted software partner,  has been positioned in the Leaders Quadrant in Gartner’s July 2016 Magic Quadrant for Business Continuity Management Planning Software, Worldwide.

Gartner: Magic Quadrant

CEO Charles Boffin comments, “We are delighted that we have been recognized as a leader in the market as we continue to focus on our core principles of delivering a sophisticated and functionally-rich platform in a way that makes it easy to use and intuitive for all users, irrespective of role in an organization. We believe our transition from the Challengers to Leaders quadrants demonstrates our continuing commitment to remain a key player globally in this field.”

Read Post

Should global organizations have a global security operations center (GSOC)?

“How did you go bankrupt?”
“Two ways. Gradually, then suddenly.”

- Ernest Hemingway, The Sun Also Rises

I was working with a head of risk management—the chief risk officer—at a global organization that does not have a GSOC. One night over dinner, I asked him why his organization didn’t have one, and suggested he spearhead the initiative. His response? “I’m not convinced we need one. The organization has always operated without a GSOC, so why start now?” He also said, “The reality is, we’re already doing it here and there. The system works fine. Let people do their thing.” Something that seemed so obvious to me and so unnecessary to him left me on the defensive and him on offense.

The reality is, if you’re a global organization, you need a GSOC—or some version of it. If you don’t have one, you will need to communicate the severity of the situation and get one. Allow me to illustrate the need for such capabilities so you can justify the business case to your leadership and board…

GSOC

Read Post

History of Lootok: Where did it all start?

“I have come to the frightening conclusion that I am the decisive element. It is my personal approach that creates the climate. It is my daily mood that makes the weather. I possess tremendous power to make life miserable or joyous. I can be a tool of torture or an instrument of inspiration, I can humiliate or humor, hurt or heal. In all situations, it is my response that decides whether a crisis is escalated or de-escalated, and a person is humanized or de-humanized. If we treat people as they are, we make them worse. If we treat people as they ought to be, we help them become what they are capable of becoming.” - Johann Wolfgang von Goethe

Lootok began at the end of my corporate consulting career ten years ago. The company I worked for was facing yet another management regime change, and I was at a point where I just could not take it and its inevitable political alliances, new taglines and mantras, unrealistic goals, and working 70 hours a week without recognition. We had a saying around the office: “The beatings shall continue until moral increases.” I finally called bull$%*& and starting saying and doing what I thought was right. It was my Jerry Maguire moment, and I was soon shown the door.

Lootok yellow logo

Read Post